<?php
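session_start();

// Logout: requested as ?action=logout.
// isset() avoids an undefined-index notice on ordinary login POSTs, which carry no
// "action" parameter; === keeps a non-string value (e.g. action[]=x) from matching.
// NOTE(review): logout is reachable through a plain GET, so any page the user visits
// can trigger it; consider requiring POST plus a CSRF token when the front end allows.
if (isset($_GET['action']) && $_GET['action'] === "logout") {
    // Tear the session down before any output is sent, so the cookie header below
    // can still be emitted.
    $_SESSION = array();

    // Expire the session cookie in the browser; emptying $_SESSION alone leaves the
    // old session id valid and reusable.
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    // Remove the server-side session record as well.
    session_destroy();

    echo "<script>alert('注销成功')</script>";
    echo "<script>setTimeout(function(){window.location.href='login.html';});</script> ";
    exit;
}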
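// Login: only handle requests that were submitted through the login form.
if (!isset($_POST['submit'])) {
    exit('非法访问!');
}

// Treat missing or non-string fields as empty instead of raising notices/warnings.
$rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// The username is HTML-encoded before lookup, as before; that form is also what is
// stored in the session and in user_log.
$username = htmlspecialchars($rawUsername);

// NOTE(review): unsalted MD5 is not an acceptable password hash. Moving to
// password_hash()/password_verify() (PHP 5.5+) needs a schema and data migration that
// is outside this file, so the stored format is left unchanged here.
$password = MD5($rawPassword);

// Legacy input filter, kept so the user still sees the same message. It is NOT the SQL
// defence: a single-character denylist misses other metacharacters (e.g. backslash).
// The MD5 digest is hex only, so just the username needs checking.
if (strpos($username, '\'') !== false) {
    echo"<script>alert('账号密码有恶意符号，请重新输入')</script>";
    echo "<script>setTimeout(function(){window.location.href='login.html';});</script> ";
    return false;
}

// Load the database connection.
include('../Config/conn.php');

// Escape every value placed inside the SQL string, using the connection's charset.
// NOTE(review): ext/mysql has no prepared statements and was removed in PHP 7; switch
// to mysqli or PDO with bound parameters when conn.php is migrated.
$safeUsername = mysql_real_escape_string($username);
$safePassword = mysql_real_escape_string($password);

// Check the submitted credentials against the user table.
$check_query = mysql_query(
    "select * from user where username='$safeUsername' and password='$safePassword' limit 1"
);
if ($check_query === false) {
    // Keep database error details in the server log; echoing mysql_error() to the
    // client discloses query and schema information.
    error_log('login query failed: ' . mysql_error());
    exit('系统繁忙，请稍后再试');
}

if ($result = mysql_fetch_array($check_query)) {
    // Login succeeded: issue a fresh session id so an id that was set before
    // authentication cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    $_SESSION['username'] = $username;
    $_SESSION['userid'] = $result['uid'];

    // Record the successful login; a logging failure must not block the user.
    $ip = mysql_real_escape_string(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '');
    $log = mysql_query(
        "insert into user_log (username,ip,logintime) values('$safeUsername','$ip',now())"
    );
    if ($log === false) {
        error_log('login audit insert failed: ' . mysql_error());
    }

    header("Location:index.php");
    exit;
} else {
    // NOTE(review): failed attempts are neither logged nor rate-limited here, so
    // password guessing against this endpoint leaves no trace in user_log.
    echo "<script>alert('用户名或密码错误')</script>";
    echo "<script>setTimeout(function(){window.location.href='login.html';});</script> ";
}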
?>